DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
September 25, 2006 has been entered. 

Status of Claims 
1. Claims 6, 14, and 20-28, are cancelled.
Claims 1, 9, 15, and 29 are amended.

Claims 1-5, 7-13, 15-19, and 29-33, are pending in this application per the 
request for continued examination filed on September 25, 2006. 



Response to Arguments 

2. Applicant's arguments with respect to claims 1-5, 7-13, 15-19, and 29-33, have
been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. Claims 1-8 and 29-33 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Brown et al U.S. Patent Application Publication No. 2004/0139327
A1 in view of Hwangbo U.S. Patent Application Publication No. 2003/0154376 A1 and
further in view of Fischer U.S. Patent No. 5,214,702.

13. As per claims 1 and 29, Brown et al discloses in a computing environment
having a connection to a network, computer readable code readable by a computer 
system in said environment, for enabling a server computer within the computing 
environment to both authenticate a user of a client computer within the computing 
environment and to verify that the user is authorized to request that the server computer 
carry out a requested action, comprising: 

a digital certificate assigned to the user of the client computer, the digital 
certificate comprising a first code portion and a second code portion, wherein the first 
code portion of the digital certificate is configured to enable authentication of the user, the
first code portion defines a public key, a certificate serial number, a certificate validity 
period, a digital signature of the certificate authority, and an extension field; 

wherein the second code portion of the digital certificate is configured to define
an authority of the user of the client computer to request that the server computer carry 
out the requested action, the second code portion being configured for inclusion within 
the extension field of the first code portion, the authority of the user defined within the 
second code portion of the certificate being verifiable by the server computer 
independently of the digital certificate by accessing a store of authority information that 
is independent of digital certificate (see figs. 1 and 3; 0165; 0067; 0174; 0183) by 
accessing, over the network, a store of authority information that is independent of the 
digital certificate and by matching the authority of the user defined within the second 
code portion of the certificate to corresponding authority information of the user 
retrieved from the accessed independent store of authority information. 

What Brown does not explicitly teach is a digital certificate assigned to the user of
the client computer, the digital certificate comprising a first code portion and a second
code portion, wherein the first code portion of the digital certificate is configured to enable
authentication of the user, the first code portion defines a public key, a certificate serial 
number, a certificate validity period, a digital signature of the certificate authority, and an 
extension field; and 

accessing, over the network, a store of authority information that is independent 
of the digital certificate and by matching the authority of the user defined within the 
second code portion of the certificate to corresponding authority information of the user 
retrieved from the accessed independent store of authority information. 

Hwangbo discloses a digital certificate assigned to the user of the client
computer, the digital certificate comprising a first code portion and a second code
portion, wherein the first code portion of the digital certificate is configured to enable
authentication of the user, the first code portion defines a public key, a certificate serial 
number, a certificate validity period, a digital signature of the certificate authority, and 
the extension field (fig. 10; 0029; 0034; 0096; claim 17). 

Fischer discloses accessing, over the network, a store of authority information 
that is independent of the digital certificate and by matching the authority of the user 
defined within the second code portion of the certificate to corresponding authority
information of the user retrieved from the accessed independent store of authority
information (fig. 3; see claim 1, 17, 20 and 41).

Accordingly it would have been obvious to one of ordinary skill in the art at time 
of applicant's invention to modify the system of Brown et al and incorporate a digital 
certificate assigned to the user of the client computer, the digital certificate comprising a 
first code portion and a second code portion, wherein the first code portion of the digital 
certificate is configured to enable authentication of the user, the first code portion 
defines a public key, a certificate serial number, a certificate validity period, a digital 
signature of the certificate authority, and an extension field and matching the authority 
of a user within the second code portion of the certificate to corresponding authority 
information of the user retrieved from the accessed independent store of authority 
information in view of the teachings of Hwangbo and Fischer respectively in order to 
show details and/or configurable nature of X.509 and its capabilities. 

14. As per claim 2 and 30, Brown et al further discloses a computer readable code,
wherein the digital certificate conforms to the X.509 standard (0109; 0164; 0183). 

15. As per claim 3 and 31 Brown et al further discloses the computer readable 
code, wherein the second code portion is configured as XML code (0062; 0068; 0069). 

16. As per claim 4 and 32, Brown et al further discloses the computer readable
code, wherein the XML code is compliant with a DSML standard (0109; 0164; 0183). 

17. As per claim 5 and 33, Brown et al further discloses the computer readable
code, wherein the authority of the user of the client computer is stored in a hierarchical 
authority data structure that is accessible by the server computer (0183). 

18. As per claim 6, Brown et al further discloses the computer readable code,
wherein the authority of the user defined within the second code portion of the certificate
is verifiable by the server computer accessing a store of authority information that is
independent of the received certificate (0183).

19. As per claim 7, Brown et al further discloses the computer readable code,
wherein the authority defined within the second code portion defines access rights of 
the user to data and programs within the computing environment (0183). 

20. As per claim 8, Brown et al further discloses the computer readable code,
wherein the authority defined within the second code portion defines rights of the user to 
issue payment requests (0183; see claim 80). 

Claims 9-13, and 15-19, are rejected under 35 U.S.C. 103(a) as being
unpatentable over Brown et al U.S. Patent Application Publication No. 2004/0139327
A1 in view of Fischer U.S. Patent No. 5,214,702.

5. As per claim 9, Brown et al discloses a computer-implemented method for
ensuring non-repudiation of a payment request, the payment request being generated in 
a computing environment having a connection to a network, the method comprising the 
steps of: 

receiving, over the network, the payment request together with a certificate 
identifying a user having caused the payment request to be generated, the certificate 
including certificate-identifying information and user-identifying information, the 
certificate further including authority information defining an authority of the user to 
make the payment request (fig. 1, 2, 3, and 8; 0165; 0174; 0183; claim 80); 

validating the certificate-identifying information and the user-identifying 
information included within the received certificate by accessing a store of authority 
information that is independent of the received certificate (figs. 1, 2, 3, and 8; 0165; 
0067; 0174; 0183; claim 80); 

validating the authority information included within the received certificate, by
accessing a store of authority information that is independent of the digital certificate 
and by matching the authority of the user defined within the second code portion of the 
certificate to corresponding authority information of the user retrieved from the accessed 
independent store of authority information, and 

executing of the payment request only when the certificate-identifying 
information, the user-identifying information and the authority information within the 
received certificate is successfully validated (fig. 1, 2, 3, and 8; 0165; 0174; 0183; claim 
80) 

What Brown does not explicitly teach is validating the authority information 
included within the received certificate, by accessing a store of authority information that 
is independent of the digital certificate and by matching the authority of the user defined 
within the second code portion of the certificate to corresponding authority information 
of the user retrieved from the accessed independent store of authority information. 

Fischer discloses accessing, over the network, a store of authority information 
that is independent of the digital certificate and by matching the authority of the user 
defined within the second code portion of the certificate to corresponding authority 
information of the user retrieved from the accessed independent store of authority 
information (fig. 3; see claim 1, 17, 20 and 41).

Accordingly it would have been obvious to one of ordinary skill in the art at time 
of applicant's invention to modify the system of Brown et al and incorporate a method of 
accessing, over the network, a store of authority information that is independent of the 
digital certificate and by matching the authority of the user defined within the second
code portion of the certificate to corresponding authority information of the user 
retrieved from the accessed independent store of authority information as taught by 
Fischer, in order to ensure adequate security during validation. 

6. As per claim 10, Brown et al further discloses the method, wherein the payment
request is for a predetermined amount and wherein the payment request is authorized 
only when the validating steps are successful and when the authority information for the 
user stored in the hierarchical authority data structure lists an authorized amount for the 
user at least equal to the predetermined amount (0177; 0183; 0184; 0185). 

7. As per claim 11 and 16, Brown et al further discloses the method, wherein the
certificate received in the receiving step conforms to the X.509 standard (0109; 0164; 
0183). 

8. As per claim 12 and 17, Brown et al further discloses the method, wherein the
authority information is configured as XML code (0062; 0068; 0069). 

9. As per claim 13 and 18, Brown et al further discloses the method, wherein the
XML code is compliant with a DSML standard (0062; 0068; 0069). 

10. As per claim 15, Brown et al discloses a software application configured to carry
out a financial transaction, the application being configured to run on a computer
coupled to a network, and comprising, stored on a computer-readable medium: 

certificate receiving code which is configured to receive a digital certificate from a 
user over the network, the certificate including certificate-identifying information and 
user-identifying information, the certificate further including authority information that 
defines an authority granted to the user to request that the financial transaction be 
carried out (fig. 1, 2, 3, and 8; 0165; 0174; 0183; claim 80); 

certificate validating code configured to enable validation of the certificate- 
identifying information and user-identifying information within the received certificate 
(fig. 1, 2, 3, and 8; 0165; 0174; 0183; claim 80). 

What Brown does not explicitly teach is 

authorization validating code configured to enable validation of the authority 
information within the received certificate against corresponding authority information for 
the user stored in a data structure that is coupled to the network and that is independent 
of the received certificate by accessing the data structure over the network and by 
matching the authority information included in the received certificate to the 
corresponding authority information stored in the accessed data structure. 

Fischer discloses authorization validating code configured to enable validation of 
the authority information within the received certificate against corresponding authority 
information for the user stored in a data structure that is coupled to the network and that 
is independent of the received certificate by accessing the data structure over the 
network and by matching the authority information included in the received certificate to 
the corresponding authority information stored in the accessed data structure (fig. 3; see
claim 1, 17, 20 and 41).

Accordingly it would have been obvious to one of ordinary skill in the art at time 
of applicant's invention to modify the system of Brown et al and incorporate a method of 
authorization validating code configured to enable validation of the authority information 
within the received certificate against corresponding authority information for the user 
stored in a data structure that is coupled to the network and that is independent of the 
received certificate by accessing the data structure over the network and by matching 
the authority information included in the received certificate to the corresponding 
authority information stored in the accessed data structure. 

11. As per claim 19, Brown et al further discloses the software application, wherein
the authority defined by the authority information within the received certificate also 
defines rights of the user to access predetermined data and programs within the 
network (0183; 0184). 

Conclusion

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. The reference cited to Skibbie et al U.S. Patent No. 6,910,128 is 
a document considered relevant to the claimed invention. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838.
The examiner can normally be reached on Monday - Friday 8:00 am - 5:00 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll free). 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington D.C. 20231 

Or faxed to: 
(571) 273-8300. [Official communications; including After Final communications labeled
"Box AF"]. 

(571) 273-8300. [Informal/Draft communications, labeled "PROPOSED" or "DRAFT"]. 

Hand delivered responses should be brought to the United States Patent and 
Trademark Office Customer Service Window: 

Randolph Building, 
401 Dulany Street 
Alexandria VA. 22314 

Charlie Lion Agwumezie 
Patent Examiner 
Art Unit 3621 
December 1, 2006



KAMBIZ ABDI
PRIMARY EXAMINER




